Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

Inside the criminal mind … Criminal Psychology

Earlier this year I finished a diploma in Criminal Psychology and I thought I would share my high level thoughts on why I think its important to develop some form of appreciation for the criminal mind if your in the job of conducting adversarial simulations.

When you speak to someone about Red Teaming, Threat Simulations, Adversarial Testing or what ever you want to call it, people are often confused or consider it a high risk form of testing. While this can be true, it really depends on what form of criminal adversary you are simulating. This defines their motives, methods of operations and their ultimate objectives.

I think something that people outside of this type work don’t appreciate is that the types of criminals usually worth simulating are not looking to break all the things, they are looking to achieve their goals in the most cost effective, timely and undetectable way. Granted this doesn’t mean they may cause some chaos and destruction once the objective is achieved to cover their tracks, but in general a criminal who is out for financial gain doesn’t much disruption and infact may look to leave doors open to them to come back for repeat winnings. So when you step into mindset of this criminal group, I would say its actually pretty low risk in terms of destruction and disruption.

Of course their are groups of criminals where there intent is purely of destruction and disruption, but this can still be simulated in a safe and controlled manner, and should be tested to find out how effective does BCP work and perhaps attack that also. Regardless of if your looking at nation state attackers, organised crime, activists, corporate adversaries, insider threat, hacktivists or others, they will each have a different perception and mindset they are operating from that should be considered. Why is the objective important, what lengths would they go to, how will they handle frustration, whats seems ethically or morally acceptable to them, what would they do if they felt under pressure, or their activities where detected? All of these things she be thought about and play a part in the framework you operate from and will help your rationale for actions taken during a threat simulation.

Now clearly as a non criminal you cant / shouldn’t mimic everything, so common sense needs to come into play. However I think people to readily discount the value of understanding attacker thinking, and even though its not always easy to fully understand as there is often alot of FUD in the media, but there are good intelligence sources that can be utilised (internal and external), plus accounts from people in law enforcement (this includes psychologists), as well as the odd novel from convicted criminals who expand on what they did, why then did it, and why they perhaps considered it rational.

So I encourage those of you who conduct threat simulations, and in fact even those who are defenders of a corporation to invest some time to better understanding how the criminal thinks, for one it will be different to how you think, and you should challenge each other to think differently, and I hope ultimately it will make the work you do even more valuable.

Machiavellianism Q&A Summary + Download

  To my magnificent readers! As requested, a condensed version of the Triple Question & Answer Session by IllimitableMan, Illacertus and Modern Machiavelli including a pdf to download. You can download the pdf below:   Modern Machiavelli – Triple QA of Power   Feel free to share the pdf, the whole article or parts of it, as long as you refrain from editing it. You also are required to link to the following article to avoid confusion: http://modernmachiavelli.com/q-a-power-machiavellianism/   Workplace Question: What is the best & fastest way to get ahead and promoted at work? Answer (MM): You won’t like this answer but

The post Machiavellianism Q&A Summary + Download appeared first on Modern Machiavelli.

Psychological Manipulation Techniques

A list of almost 200 psychological manipulation techniques in no particular order; to you, my magnificent reader. Most are aimed at getting people to do what you want, but some also protect you from being deceived.  5000 words.     I decided to leave out cognitive biases and fallacies since the posts is quite long the way it is. But rest assured that I am going to dig into those two topics sometime in the future. Psychological Manipulation Techniques & Tactics   Never show people that you are upset, for it makes you appear weak. Social Justice Warriors take notice!

The post Psychological Manipulation Techniques appeared first on Modern Machiavelli.